SINGAPORE: There has been growing interest in cyber insurance from Singapore businesses over the past few years as cyber attacks on corporations hit the headlines, according to providers Chubb and MSIG Insurance Singapore.

Jeremy Lian, senior vice-president of technical services at MSIG, said: “The uptake has been encouraging and we are seeing more small and medium enterprises open to having cyber insurance as an add-on to their core business coverage.”

Factors contributing to this increase include an evolving threat landscape, changes in compliance, and regulatory requirements across various sectors that may be influencing organisational risk management strategies, added Anshuman Sharma, the director of the Verizon Threat Research Advisory Centre and cyber-security consulting services.

Cyber insurance has been growing in importance as companies seek to manage their financial risks from cyber attacks.

Data breaches are costly for companies, and the full impact on the company is not clear to investors even months after an incident has occurred, said Conrad Tan, an environmental, social and governance analyst at Bloomberg Intelligence.

There are multiple channels of potential financial impact, including loss of revenue from business disruption and damage control and data recovery costs, he noted.

Tan added: “Other costs may be incurred long after an incident, such as regulatory fines, additional investments to strengthen cyber defences, or higher cyber insurance premiums.”

Cyber insurance debuted in Asia around 2009 and coverage typically focused on a company’s third-party liability concerns, such as fines and penalties or claims brought forward by entities or an individual.

In recent years, first-party losses - which refer to incidents such as lost profits from business interruption, data and systems recovery and extortion expenses - have become more prominent.

Cyber insurance policies in the region tend to be comprehensive, addressing both first-party expenses and third-party claims, said MSIG’s Lian.

Despite the growing importance of cyber insurance, only 12 out of the 643 companies listed on the Singapore Exchange - about 2% - have disclosed that they have it.

The number of companies that have cyber insurance is not known as disclosure is not mandatory for SGX listed companies.

This is as the data provided by Bloomberg Intelligence is culled from public filings such as annual reports or sustainability reports in the past two years.

Lian said: “Despite increasingly sophisticated cyber attacks against businesses in this region, cyber insurance policies remain effective in providing a robust protection against these evolving threats.”

According to Lian, the most common and high-risk areas of cyber security are data breaches, ransomware, business email compromise and human error.

Another high-risk area is the failure to acknowledge and adequately prepare for cyber risks, added Vincent Padula, the Asia technology and cyber manager at Chubb. This includes neglecting to update systems and network IT assets promptly, leaving vulnerabilities that can be exploited by malicious actors.

It is important for companies to be aware of their risk appetite and ensure their cyber insurance coverage and policy limits align with their overall risk management strategy, said Padula.

 - ANN